Information Security 101 - a general, multi-topic starter module covering the basics of information security for new employee orientation sessions and to accompany the launch of your security awareness program.

Information security risk management - processes to identify, examine and treat the full spectrum of information security risks, in the context of corporate risk management as a whole;

Insider threats - security threats arising from employees on the payroll and third-party employees working for/within the organization in a similar capacity;

Portable ICT - security of laptops and other portable/mobile ICT devices, touching on BYOD and home working/teleworking;

SCADA/ICS security - security risks and controls relating to Supervisory Control And Data Acquisition/Industrial Control Systems on the factory floor as well as distributed and embedded microcontrollers such as those increasingly found in Building Management Systems, elevators and vehicles;

Secure-by-design - making information security an integral part of systems and processes from the outset, including security architecture and the concept of fail-safe/fail-secure design;

Social insecurity - combines social engineering with the security aspects of social networking and social media;

Surveillance - increasingly common in public, corporate and personal domains, surveillance is both a valuable form of monitoring control and a privacy/human rights concern depending on your perspective;

Survivability - tackles the extreme end of risk management, incident management and business continuity;

Third parties - information security issues resulting from business relationships between organizations, extending the corporate security boundary to suppliers, partners and customers;

Trade secrets - a spectrum of activities from legitimate market research and competitive intelligence through to unethical if not illegal industrial espionage and information warfare;

Viruses and other forms of malware (worms, Trojans, key loggers, spyware, rootkits, APTs/Advanced Persistent Threats) are such significant threats that we update this module annually with fresh content and news. This year, we picked up on the sophisticated bank Trojans.

... so how come certain vendors are still desperately flogging the notion that self-phishing is enough? Do they honestly believe that their customers are that naive?

Don't get me wrong: phishing is indeed a threat, but even a highly phishing-aware workforce remains open to many more forms of attack, and indeed many other forms of information compromise, damage or loss.